How We Use Your Information
The General Data Protection Regulation (GDPR) is effective from 25th May 2018. It requires us to provide detailed information about processing of data that can identify a living person. This includes email addresses, businesses that operate as sole traders, and also the IP address of your device. We are required to tell you which lawful basis applies when we process your information and this is referred to below using the phrases Contract, Legal Obligation, Consent and Legitimate Interest.
Visitors to Our Website
When someone visits www.thepayrollsite.co.uk we collect log information that includes the time, the file being accessed and the IP address of the visitor's device. We do this to ensure network and information security, which is a Legitimate Interest for the purposes of the GDPR, and we keep the logs for 3 months.
Customers and Suppliers
For customers and suppliers, we store organisation names, billing addresses and VAT information in order to enter into a Contract and we retain this for 6 years after the end of the Contract. We may occasionally post items to the billing address of current customers, to thank them for their custom, in the Legitimate Interest of maintaining good customer relationships. Please let us know if you object to this.
We keep financial and accounting records, which in some cases can identify a living person, for 7 years. This is to meet our Legal Obligations.
Employees and Job Applicants
Most emails, including all emails to and from customers, are kept for up to 2 years, for dealing with the query and providing context for ongoing queries. This serves our Legitimate Interest of maintaining good relationships. Some emails from suppliers, business partners and government bodies, contain information relevant to an agreement or a technical matter, and these are retained for a period consistent with the Legitimate Interest served by each email.
Records of letters and other items posted to customers are kept for up to 2 years, in the Legitimate Interest of maintaining good customer relationships.
Data Collected within Our Online Payroll Service
When someone opens an online payroll account (including a free trial account) on our website, we collect information that falls into these categories:
- Payroll information. For the purposes of the GDPR, the employer is the data controller and we act as a processor. This information is stored and processed on your behalf and not used for any other purpose. If you require support, our personnel may view your data (with your permission) in order to answer your questions. We keep system backups for one month and these are only used to recover from physical or technical incidents that would otherwise prevent you from processing the data, for your purposes. At any time, you can close your account, which will delete your payroll data. If a free trial account is paused or abandoned, the payroll data will be retained for 1 year after the end of the tax year. If a paying customer account is made dormant or abandoned, the payroll data will be retained to the end of the tax year plus an additional 4 years.
- Customer email address. This is your login username and we also use it to contact you about your account. This is necessary to provide the service under our Contract and we retain it for as long as we retain the payroll information.
- Activity logs. When you are logged into the site, a record of your activity is stored, including your account, the time, which page you accessed and the browser version you used. This information may be used in order to investigate specific problems with your account, as part of the support provided under our Contract. The logs are retained for 3 months.
- Optional information. When you first open an account, we ask a few optional questions which we use to analyse the effectiveness of our marketing. You can also enter a contact name and telephone number, so we can contact you. These are held on the basis of your Consent and will be removed when the account is closed. Customer suggestions, testimonials and other feedback are also held on the basis of Consent. If you wish to withdraw your Consent for any of these items, please contact us.
- Other information related to your account. Options that you have selected within your account and notes that our staff had made against your account are processed in order to fulfil our Contract with you, and are retained for as long as the payroll information.
None of the collected information is passed to third parties, unless we are required to do so by UK or EU law, or you explicitly choose to send it using the features of our site. These include the following options.
- To electronically send payroll and contact information directly to HMRC.
- To electronically send payroll data to your online accounting system or your pension provider.
- To send payslips by email.
Storage of Data
The data we collect is kept securely within the United Kingdom. It is not transferred outside the UK except if you choose the option to send data to an online accounting system or pension provider outside the UK, or to email payslips outside the UK.
Cookies are small text files which are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Our website uses only one cookie. It is a session cookie used to remember that you are logged into the website. The cookie is automatically removed when you close your browser or log out of our website.
Links to Other Websites
In relation to data about you, for which we are the data controller, the GDPR requires us to inform you of the rights listed below. Please note that employees of organisations whose payrolls are processed on our system should exercise their rights via their employers, who are the data controllers.
- You have the right to ask us for access to and rectification or erasure of personal data or restriction of processing.
- You have the right to object to processing information on the basis of Legitimate Interest.
- You have the right to data portability for the data that you provided about yourself on the basis of Consent or Contract.
- You have the right to withdraw your Consent at any time, without affecting the lawfulness of earlier processing.
- You have the right to lodge a complaint with the Information Commissioner's Office.
You can find more information about these rights on the website of the Information Commissioner's Office.
This policy was last updated in May 2018.